archives

Scar de Courcier

Scar de Courcier is Senior Editor at Forensic Focus.
Scar de Courcier has written 229 posts for Forensic Focus – Articles

Digital Forensic Techniques To Investigate Password Managers

by Dr Tristan Jenkinson In part one we discussed the importance that data from password managers can play. In part two, we look at aspects an investigation may include from a digital forensics perspective. How Password Managers Can Be Investigated Using Digital Forensics Evidence of Usage of Password Management Systems Finding evidence that a password … Continue reading

How To Digital Forensic Boot Scan A Mac With APFS

by Rich Frawley  In this short 3-minute video, ADF’s digital forensic specialist Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator. The ADF digital forensic team is hard at work putting the finishing touches on the complete package: Enabling FileVault support at boot Allowing the input of credentials, much like … Continue reading

Digital Forensics For National Security Symposium – Alexandria, VA, December 10th-11th

On the 10th and 11th of December 2019, the inaugural Digital Forensics For National Security Symposium will take place in Alexandria, VA, USA. Below is an overview of the subjects and speakers that will be featured at the event. Tuesday December 10th Registration will be open from 8:00-8:45am, after which Retired Special Agent Jim Christy … Continue reading

The Potential Importance Of Information From Password Managers

by Dr Tristan Jenkinson There have recently been a number of articles discussing the use of common passwords and encouraging better password practices. Most guidance includes the recommendation not to use the same password for different accounts. This makes sense – it limits risk of further exposure in the event that one set of details … Continue reading

Walkthrough: Quin-C Social Analyzer Widget From AccessData

Hello. This is Sven from the technical team here at AccessData. This video will feature the Social Analyzer widget. So let’s get started. Go to Quin-C and open the grid, just to see how many items we have in our case. To use Quin-C with the Social Analyzer widget, we need to filter the emails. … Continue reading

How To Conduct A Live Forensic Scan Of A Windows Computer

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target … Continue reading

How To Use The Griffeye Intelligence Database

Beginning with version 19, Griffeye Analyze DI Pro and Core will start using the new Griffeye Intelligence Database, or GID, to replace the legacy intelligence manager. In this video, we’re going to discuss the changes that the GID brings to the Analyze DI interface, and how to use the Griffeye Intelligence Database system within your … Continue reading

How To Transfer A Password Recovery Process To A Different Computer Using Passware

Did you know that Passware Kit can create a snapshot of a password recovery process at any time and resume it on a different computer? Running a password recovery attack, especially for multiple files or drives, might be a long process that requires a lot of hardware resources. In some cases, it might be necessary … Continue reading

Hunting For Attackers’ Tactics And Techniques With Prefetch Files

by Oleg Skulkin Windows Prefetch files were introduced in Windows XP, and since that time they have helped digital forensics analysts and incident responders to find evidence of execution.  These files are stored under %SystemRoot%\Prefetch, and are designed to speed up applications’ startup processes. If we look at any prefetch files, we can see that … Continue reading

How To Decrypt BitLocker Volumes With Passware

Decrypting BitLocker volumes or images is challenging due to the various encryption options offered by BitLocker that require different information for decryption. This article explains BitLocker protectors and talks about the best ways to get the data decrypted, even for computers that are turned off. BitLocker Encryption Options Protectors that can be used to encrypt … Continue reading

How To Use Magnet AXIOM In Mac USB Investigations

Hey everyone, Trey Amick from Magnet Forensics here. Today we’re talking about Mac USB investigations, and what happens when we’ve been alerted that a USB has been inserted into an end point. Different organisations handle USB policies differently. Some have alerting mechanisms in place for when USBs are detected, while others may encrypt the drive … Continue reading

Can Your Investigation Interpret Emoji?

by Christa Miller, Forensic Focus Emoji are everywhere — including in your evidence. Used across private-messaging apps and email, social media, and even in passwords and account names, emoji are pictographic representations of objects, moods, and words. They’re a convenient shortcut for users who want to convey tone and emotion in digital communication without using … Continue reading

Walkthrough: XRY Photon Manual

XRY Photon is a solution designed for recovering smartphone app data that’s inaccessible through normal extraction techniques. Now the power of XRY Photon has been expanded to cover hundreds of additional apps, with a new manual option. Before using XRY Photon, always check the XRY device manual first, to see if an app is supported, … Continue reading

How To Use Griffeye Brain – Artificial Intelligence

The Griffeye Brain in Analyze DI Pro version 19.2 brings the power of machine learning and artificial intelligence to help you quickly locate and identify child sex abuse material within your investigations. In addition, the Griffeye Brain now has improved object detection, allowing for multiple objects to be located within the same image. In this … Continue reading

Three Reasons Why Call Detail Records Analysis Is Not “Junk Science”

by Patrick Siewert, Principal Consultant, Pro Digital Forensic Consulting Since introducing our private sector clients to the impact that cellular call detail records (CDR) analysis & mapping can have on their cases, we’ve had a lot of robust discussions with litigators and clients about the veracity and value of this evidence.  CDR analysis has been … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,291 other followers